A remotely exploitable buffer overflow exists in all versions of webalizer prior to version 2.01-10.
webalizer is a web server log file analysis program.
webalizer has the ability do resolve hostnames as part of the process of generating reports. A buffer overflow exists in the code that resolves the hostnames. As a result, an attacker controlled DNS server can send an unusually large DNS response message and corrupt the data produced by the program and/or gain root privileges. Note that webalizer would have to be actively performing a DNS lookup in order for this vulnerability to be exploited.
An attacker controlled DNS server can send an unusually large DNS response message and corrupt the data produced by the program and/or gain root privileges.
Apply a vendor patch. If a patch is not available, upgrade to version 2.01-10 or later.
Thanks to Spybreak for reporting this vulnerability.
This document was written by Ian A Finlay.
|Date First Published:||2002-10-28|
|Date Last Updated:||2002-10-28 17:45 UTC|